Linode Forum :: IPTables giving me issues...

dwfreed wrote:

Could you provide the output of the following commands?

Code:

iptables-save
netstat -plant | grep 3306

iptables -L isn't very useful, as it omits some info, and makes other things more effort to understand what is actually going on

I use a Editor for php programming and the refreshes seem less likely to happen after I make some code changes and click save, rather then just hitting refresh on the browser.
So I'll make a code change, click save, hit refresh about 6 times then it works, if I don't mess with the editor, and just pound refresh it works ever time.

SYSTEM 2
# Generated by iptables-save v1.4.7 on Sun Apr 8 19:07:32 2012
*security
:INPUT ACCEPT [36656:3526692]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [39079:11623693]
COMMIT
# Completed on Sun Apr 8 19:07:32 2012
# Generated by iptables-save v1.4.7 on Sun Apr 8 19:07:32 2012
*raw

REROUTING ACCEPT [36669:3527649]
:OUTPUT ACCEPT [39080:11623849]
COMMIT
# Completed on Sun Apr 8 19:07:32 2012
# Generated by iptables-save v1.4.7 on Sun Apr 8 19:07:32 2012
*nat

REROUTING ACCEPT [2033:107397]
:INPUT ACCEPT [2024:106608]
:OUTPUT ACCEPT [9621:677265]

OSTROUTING ACCEPT [9621:677265]
COMMIT
# Completed on Sun Apr 8 19:07:32 2012
# Generated by iptables-save v1.4.7 on Sun Apr 8 19:07:32 2012
*mangle

REROUTING ACCEPT [36669:3527649]
:INPUT ACCEPT [36669:3527649]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [39086:11624897]

OSTROUTING ACCEPT [39086:11624897]
COMMIT
# Completed on Sun Apr 8 19:07:32 2012
# Generated by iptables-save v1.4.7 on Sun Apr 8 19:07:32 2012
*filter
:INPUT DROP [13:957]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [39088:11625193]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
COMMIT
# Completed on Sun Apr 8 19:07:32 2012

Author:	zobrak [ Sun Apr 08, 2012 6:45 pm ]
Post subject:	IPTables giving me issues...
I wanted to be able to access my mysql database with a remote client. (SQLYog) I googled for how to enable remote connections and updated my IPTables. However, now my site is having a hard time refreshing, I run CodeIgniter and on every 5th to 6th refresh, I get can't establish database connection. I have a novice understanding of IPTables and I'm just not sure where I screwed this one up. iptables -L Chain INPUT (policy DROP) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:mysql Chain FORWARD (policy DROP) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination ------------------------------------- for those who know CodeIgniter Unable to connect to your database server using the provided settings. Filename: core/Loader.php Line Number: 346 Thanks,

Author:	dwfreed [ Sun Apr 08, 2012 6:50 pm ]
Post subject:
Could you provide the output of the following commands? Code: iptables-save netstat -plant \| grep 3306 iptables -L isn't very useful, as it omits some info, and makes other things more effort to understand what is actually going on

Author:	zobrak [ Sun Apr 08, 2012 7:11 pm ]
Post subject:
dwfreed wrote: Could you provide the output of the following commands? Code: iptables-save netstat -plant \| grep 3306 iptables -L isn't very useful, as it omits some info, and makes other things more effort to understand what is actually going on I use a Editor for php programming and the refreshes seem less likely to happen after I make some code changes and click save, rather then just hitting refresh on the browser. So I'll make a code change, click save, hit refresh about 6 times then it works, if I don't mess with the editor, and just pound refresh it works ever time. # Generated by iptables-save v1.4.7 on Sun Apr 8 19:07:32 2012 security :INPUT ACCEPT [36656:3526692] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [39079:11623693] COMMIT # Completed on Sun Apr 8 19:07:32 2012 # Generated by iptables-save v1.4.7 on Sun Apr 8 19:07:32 2012 raw REROUTING ACCEPT [36669:3527649] :OUTPUT ACCEPT [39080:11623849] COMMIT # Completed on Sun Apr 8 19:07:32 2012 # Generated by iptables-save v1.4.7 on Sun Apr 8 19:07:32 2012 nat REROUTING ACCEPT [2033:107397] :INPUT ACCEPT [2024:106608] :OUTPUT ACCEPT [9621:677265] OSTROUTING ACCEPT [9621:677265] COMMIT # Completed on Sun Apr 8 19:07:32 2012 # Generated by iptables-save v1.4.7 on Sun Apr 8 19:07:32 2012 mangle REROUTING ACCEPT [36669:3527649] :INPUT ACCEPT [36669:3527649] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [39086:11624897] OSTROUTING ACCEPT [39086:11624897] COMMIT # Completed on Sun Apr 8 19:07:32 2012 # Generated by iptables-save v1.4.7 on Sun Apr 8 19:07:32 2012 *filter :INPUT DROP [13:957] :FORWARD DROP [0:0] :OUTPUT ACCEPT [39088:11625193] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT COMMIT # Completed on Sun Apr 8 19:07:32 2012

Author:	zobrak [ Sun Apr 08, 2012 7:56 pm ]
Post subject:
zobrak wrote: dwfreed wrote: Could you provide the output of the following commands? Code: iptables-save netstat -plant \| grep 3306 iptables -L isn't very useful, as it omits some info, and makes other things more effort to understand what is actually going on I use a Editor for php programming and the refreshes seem less likely to happen after I make some code changes and click save, rather then just hitting refresh on the browser. So I'll make a code change, click save, hit refresh about 6 times then it works, if I don't mess with the editor, and just pound refresh it works ever time. SYSTEM 2 # Generated by iptables-save v1.4.7 on Sun Apr 8 19:07:32 2012 security :INPUT ACCEPT [36656:3526692] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [39079:11623693] COMMIT # Completed on Sun Apr 8 19:07:32 2012 # Generated by iptables-save v1.4.7 on Sun Apr 8 19:07:32 2012 raw REROUTING ACCEPT [36669:3527649] :OUTPUT ACCEPT [39080:11623849] COMMIT # Completed on Sun Apr 8 19:07:32 2012 # Generated by iptables-save v1.4.7 on Sun Apr 8 19:07:32 2012 nat REROUTING ACCEPT [2033:107397] :INPUT ACCEPT [2024:106608] :OUTPUT ACCEPT [9621:677265] OSTROUTING ACCEPT [9621:677265] COMMIT # Completed on Sun Apr 8 19:07:32 2012 # Generated by iptables-save v1.4.7 on Sun Apr 8 19:07:32 2012 mangle REROUTING ACCEPT [36669:3527649] :INPUT ACCEPT [36669:3527649] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [39086:11624897] OSTROUTING ACCEPT [39086:11624897] COMMIT # Completed on Sun Apr 8 19:07:32 2012 # Generated by iptables-save v1.4.7 on Sun Apr 8 19:07:32 2012 filter :INPUT DROP [13:957] :FORWARD DROP [0:0] :OUTPUT ACCEPT [39088:11625193] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT COMMIT # Completed on Sun Apr 8 19:07:32 2012 ------------------------------------------------------------------------------------------------------- Here is another Linode I have ... running about the system that works. I'm not sure what of those lines at the bottom I need for previous system to stop having so many errors. SYSTEM 1 # Generated by iptables-save v1.4.7 on Sun Apr 8 19:52:50 2012 security :INPUT ACCEPT [12826672:7758787170] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [10947027:2016195081] COMMIT # Completed on Sun Apr 8 19:52:50 2012 # Generated by iptables-save v1.4.7 on Sun Apr 8 19:52:50 2012 raw REROUTING ACCEPT [12853817:7760185297] :OUTPUT ACCEPT [10947027:2016195081] COMMIT # Completed on Sun Apr 8 19:52:50 2012 # Generated by iptables-save v1.4.7 on Sun Apr 8 19:52:50 2012 nat REROUTING ACCEPT [291780:16679014] :INPUT ACCEPT [268140:15459913] :OUTPUT ACCEPT [1091234:74705149] OSTROUTING ACCEPT [1091234:74705149] COMMIT # Completed on Sun Apr 8 19:52:50 2012 # Generated by iptables-save v1.4.7 on Sun Apr 8 19:52:50 2012 mangle REROUTING ACCEPT [12853817:7760185297] :INPUT ACCEPT [12853817:7760185297] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [10947027:2016195081] OSTROUTING ACCEPT [10947027:2016195081] COMMIT # Completed on Sun Apr 8 19:52:50 2012 # Generated by iptables-save v1.4.7 on Sun Apr 8 19:52:50 2012 filter :INPUT DROP [14622:732886] :FORWARD DROP [0:0] :OUTPUT ACCEPT [7751339:1320739070] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT COMMIT # Completed on Sun Apr 8 19:52:50 2012

Linode Forum https://forum.linode.com/

IPTables giving me issues... https://forum.linode.com/viewtopic.php?f=19&t=8671	Page 1 of 1

Page 1 of 1	All times are UTC-04:00
Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/